Commit Graph

899 Commits

Author SHA1 Message Date
Travis Cross 6a3dcc9e0f Drop null-auth suites from our default TLS cipher list
Previously we disallowed anonymous Diffie-Hellman, but there are other
kinds of null-authentication TLS suites.  In particular, disallowing
AECDH is important now that we support elliptic-curve Diffie-Hellman.
2014-03-05 21:37:30 +00:00
Anthony Minessale 4cf14bce50 FS-5814 2014-03-06 00:31:10 +05:00
Anthony Minessale fe2a4bfa53 FS-5814 2014-03-05 13:12:02 -06:00
Anthony Minessale 7cb91467e0 FS-5814 --resolve 2014-03-06 00:02:40 +05:00
Anthony Minessale 066de4b378 Port commit from gitorious copy of sofia-sip; our code now differs, but this issue would still be a concern for OS X
commit ee51fa4e2993ab71339e29691aec8b924c810c53
Author: Frode Isaksen <frode.isaksen@bewan.com>
Date:   Thu Aug 18 16:40:58 2011 +0300

    su: fix su_time() on 64-bit OS X

    The field tv_sec in struct timeval is 64bits instead of 32bits as in
    su_time_t, so you cannot cast su_time_t to struct timeval.
2014-03-05 10:25:39 -06:00
Travis Cross d5760e0d6a Show TLS cipher suite selected in sofia debug
This shows the cipher name, TLS version, the number of cipher bits and
algorithm bits, and a description of the cipher in Sofia's debug
logging output on level 9.
2014-02-28 20:46:34 +00:00
Anthony Minessale 55901ae0f1 FS-6168 --resolve 2014-02-28 23:30:42 +05:00
Moises Silva 461f94870f Merge remote-tracking branch 'origin/master' into moy/tport-log-fix 2014-02-24 19:39:17 -05:00
Travis Cross 2fe0516ac2 Fix missing/duplicate declaration
This looks like a copy/paste error.

FS-6037 --resolve

Thanks-to: David Sanders <dsanders@pinger.com>
2014-02-21 21:09:19 +00:00
Michael Jerris 0cebdf8fc5 fix types for reply to 2014-02-21 16:08:30 -05:00
Michael Jerris 63aea267bc change macro name to work around conflict in openbsd 2014-02-21 15:25:50 -05:00
Michael Jerris 19f9dc12d3 change macro name to work around conflict in openbsd 2014-02-21 15:24:44 -05:00
Travis Cross 8b7d58ddf8 Rework handling of Linux TCP keepalives in Sofia
This separates out the Linux socket TCP keepalive timeout interval
from Sofia's internal mechanisms.  Earlier we tied these together.  In
retrospect this seems improper.

These two values can now be set separately.

You might, for example, want to keep the Sofia internal mechanism
disabled completely while enabling the platform-based mechanism if
your platform supports it.

We also here reform the default value of the socket TCP keepalive
parameter to 30 seconds.

This is what commit a0e9639a1f should have been.

FS-6104
2014-02-11 06:27:20 +00:00
Travis Cross 2b064e6393 Add additional debugging output to keepalive handling 2014-02-11 05:40:41 +00:00
Travis Cross 3ae189ca3f Synchronize Sofia and Linux TCP keepalive timeout units
Sofia keeps the TCP keepalive timeout in milliseconds, but Linux
expects the value in seconds.  Before this change, it's unlikely the
TCP_KEEPIDLE and TCP_KEEPINTVL calls were having much effect as we
would have been passing them a huge value.

FS-6104
2014-02-11 05:33:25 +00:00
Travis Cross a96eefe8ee Add support for EECDH to Sofia-SIP
This adds support for the ephemeral elliptic curve Diffie-Hellman key
exchange, which provides for forward secrecy in the event that
long-term keys are compromised.

For the moment, we've hard-coded the curve as prime256v1.
2014-02-06 15:40:35 +00:00
Travis Cross c0101e2ce6 Allow setting TLS cipher suites through Sofia-SIP API
Previously there was no way to override the hard-coded cipher suite
specification of "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH".

This commit does leave in place the hardcoded cipher spec for WebRTC
of "HIGH:!DSS:!aNULL@STRENGTH".
2014-02-06 06:04:02 +00:00
Travis Cross e3b353e911 Allow setting enabled TLS versions in Sofia-SIP
Previously if the TPTAG_TLS_VERSION was set to a non-zero value we
supported only TLSv1 (but not TLSv1.1 or TLSv1.2), and if it was set to
zero we supported all versions of TLS and SSL (including the
ridiculous SSLv2).

Now we take an integer field where various bits can be set indicating
which versions of TLS we would like to support.
2014-02-06 02:17:13 +00:00
Michael Jerris b6270f4d70 FS-6030: --resolve fix variable scoping issue for more aggressive optimizer 2014-02-05 08:46:04 -05:00
Anthony Minessale 0a3e18a308 FS-6174 --resolve after updating to this revision, put ca-bundle.crt in /usr/local/freeswitch/certs to get chain cert in place for both dtls and wss 2014-01-31 20:16:54 +05:00
Anthony Minessale 0e14b758fc FS-6150 --resolve cool find 2014-01-27 06:57:05 +05:00
Travis Cross a0e9639a1f Handle Linux TCP keepalives better in Sofia
Sofia accepts a value for the TCP keepalive timeout interval via
TPTAG_KEEPALIVE, however it fails to use this value for the Linux
keepalive socket options TCP_KEEPIDLE and TCP_KEEPINTVL.  In fact, on
Linux it enables the sending of TCP keepalives even if tpp_keepalive
is set to zero which would disable Sofia's internal keepalive
mechanisms.  Sofia then uses a hard coded value of 30 seconds for
these keepalive intervals which affects battery life on mobile
devices.

With this commit we harmonize the sending of TCP keepalives on Linux
with other platforms by using the value from TPTAG_KEEPALIVE and not
enabling the sending of TCP keepalives at all if the value of the
parameter is zero.

FS-6104 --resolve
2014-01-18 15:46:56 +00:00
Seven Du f5b18c0fdd FS-5642 --resolve add back the ETIMEDOUT check, needed on Mac 2013-12-13 11:46:14 +08:00
Jeff Lenk bb53175526 FS-6010 --resolve 2013-11-29 22:16:49 -06:00
Anthony Minessale bbe1fe1a31 FS-6005 --resolve 2013-11-27 10:20:35 -06:00
Moises Silva 713ddc4834 Fix tport_stamp in the sofia stack to use localtime for the timestamp 2013-10-29 12:17:55 -04:00
Anthony Minessale c8be999c34 FS-5911 --resolve 2013-10-25 23:51:43 +05:00
Jeff Lenk 88b2e96516 windows fix compiler errors 2013-10-22 23:23:48 -05:00
Anthony Minessale 20a55d3cc6 update 2013-10-22 16:27:15 -05:00
Anthony Minessale e2bdd78d55 FS-5896 --resolve 2013-10-22 20:33:13 +05:00
Anthony Minessale 3c2a5db225 add missing protos 2013-10-21 20:11:30 +05:00
Michael Jerris bfcd1e07ca compile failure due to no newline at end of file 2013-10-21 10:54:23 -04:00
Anthony Minessale 0d19abfbdb FS-5887 --resolve 2013-10-19 00:00:28 +05:00
Anthony Minessale 8aff25e03d FS-5855 please try latest HEAD 2013-10-08 12:10:36 -05:00
Michael Jerris 1aa8464114 FS-5819: don't assign variable to itself 2013-09-30 13:28:47 -04:00
Chris Rienzo 6b9382290d FS-5819 fix typo 2013-09-27 22:23:23 -04:00
Michael Jerris 42d7d86514 FS-5819: fix bounds check on enum type 2013-09-27 21:28:12 -04:00
Michael Jerris 25001e857f FS-5819: fix useless assignment in sofia 2013-09-27 12:39:49 -04:00
Anthony Minessale 8493c88f88 fix proto regression from last commit 2013-09-19 19:34:58 -04:00
Anthony Minessale 750847f290 ignore a= lines when m= port is 0 2013-09-19 13:44:20 -05:00
Jeff Lenk b407732dcd fix for today's ws.* changes 2013-09-17 23:23:11 -05:00
Anthony Minessale f1d0357e92 minor fixes in ws.c 2013-09-18 05:13:46 +05:00
Anthony Minessale 50ea67b340 fix connection issue in websocket 2013-09-17 06:24:58 +05:00
Brian West 378648f2b1 similar fix to 53d17a1312 2013-09-12 16:56:07 -05:00
Anthony Minessale 98df017ae6 FS-5780 --resolve 2013-09-12 00:10:28 +05:00
Anthony Minessale d7608fad7a FS-5714 --resolve 2013-09-05 20:55:55 +05:00
Anthony Minessale c001840d9d FS-5714 --resolve That is probably the right place 2013-09-05 20:41:31 +05:00
Anthony Minessale 53d17a1312 override the default 30 minute timeout on tport connections for websockets 2013-09-04 04:24:53 +05:00
Anthony Minessale b5ac54ecca FS-5738 --resolve 2013-08-28 23:18:41 +05:00
Anthony Minessale dbfde499a4 add val to debug message 2013-08-23 04:13:19 +05:00
Anthony Minessale da148c0dd4 remove call to close 2013-08-22 18:49:35 -04:00
Anthony Minessale d00c8a6abf FS-5641 --resolve 2013-07-29 16:07:03 -05:00
Anthony Minessale bc851de200 FS-5642 FS-5556 --resolve I have not tested this yet for the connect but I fixed the seg for sure which was an outstanding issue in 5556 reopen 5642 if connect still doesn't work 2013-07-26 11:27:45 -05:00
Anthony Minessale 5dbf2b3cf7 refactor some video code 2013-07-11 17:38:24 -05:00
Jeff Lenk 5fc2bc9993 FS-5588 --resolve windows compiler fixes 2013-07-09 07:53:56 -05:00
Anthony Minessale 94f3b90040 use static buffer and nonblocking socket in websocket client 2013-07-08 08:25:45 -05:00
Jeff Lenk a52a604fbb FS-5527 fix compiler error windows 2013-06-28 11:05:27 -05:00
Anthony Minessale dac93d7936 FS-5527 --resolve 2013-06-28 10:42:06 -05:00
Anthony Minessale b2e06346d4 some more ws transport tweaks 2013-06-27 14:04:13 -05:00
Anthony Minessale a26ab6e3e0 fix ssl connect race 2013-06-26 23:10:19 -04:00
Anthony Minessale afc18668f3 tweak sip ws code to avoid double free 2013-06-26 12:43:54 -04:00
Anthony Minessale da0c0c0e4a revert 02c329da33 and put proper fix 2013-06-24 08:31:06 -05:00
Jeff Lenk 02c329da33 fix compiler warning 2013-06-20 14:27:32 -05:00
Anthony Minessale 469bcc562d fix gcc bug patch 2013-06-20 10:50:33 -05:00
Anthony Minessale c01fa0e1cf newer gcc does not like when you use out of bounds array indexes to access other elements in a struct (at least at -O2) 2013-06-20 10:16:35 -05:00
Anthony Minessale 66239f15b0 comment out broken test 2013-06-20 10:16:35 -05:00
Anthony Minessale a71b199de4 fix ref counting issue in tcp,tls,wss transports 2013-06-19 21:54:58 -05:00
Anthony Minessale 633dcd46b6 yay for bugs 2013-06-19 12:26:45 -05:00
Anthony Minessale 9a87ec6a52 disable dialog matching for subscribe reqs so it always uses a new handle to avoid conflicting with notify transactions
Conflicts:
	libs/sofia-sip/.update
2013-06-12 23:48:39 -05:00
Brian West a55d70ed62 add kirk wireless servers to safe as they do not do rport 2013-05-31 11:54:05 -05:00
Anthony Minessale 471b3d33fd add tcp keepalive where possible 2013-04-25 13:33:17 -05:00
Anthony Minessale fddad1da06 FS-5343 --resolve 2013-04-24 12:09:35 -05:00
Jeff Lenk 43eaa95746 windows compile another step closer 2013-04-03 08:55:03 -05:00
Jeff Lenk ff9571e1e9 sofia windows compiler warnings 2013-04-02 17:25:10 -05:00
Ken Rice 23410558ff hust compiler warning 2013-04-01 17:24:52 -05:00
Anthony Minessale cc3e75fc62 omit weak ciphers to prevent hackage 2013-03-31 21:27:27 -05:00
Anthony Minessale 68055eab2b support tls dir options properly 2013-03-31 21:27:26 -05:00
Anthony Minessale c4b221c750 trying to get mozilla to work using sipml5, got stun/dtls/rtp flowing and it's dead silent. c'mon guys... why do you have to do everything differently????? 2013-03-31 21:27:25 -05:00
Anthony Minessale a36bd797c6 fix shutdown seg 2013-03-31 21:27:24 -05:00
Anthony Minessale 52e7a63bbf fix for firefox secure websockets which for some reason writes only 1 byte first on secure ws frame 2013-03-31 21:27:24 -05:00
Anthony Minessale e00ede7e7d unreg on sock disconnect 2013-03-31 21:27:22 -05:00
Anthony Minessale 0ce92e4cee wire in tport error callback to nua_stack_tport_error 2013-03-31 21:27:22 -05:00
Anthony Minessale 24868979f7 more portable type 2013-03-31 21:27:22 -05:00
Anthony Minessale fa8ccff7c3 polish 2013-03-31 21:27:21 -05:00
Anthony Minessale 2ccc771825 fix cpu race on ws poll 2013-03-31 21:27:21 -05:00
Anthony Minessale 99559a3cd3 add NUTAG_WS_URL and NUTAG_WSS_URL tags 2013-03-31 21:27:21 -05:00
Anthony Minessale e31c74b638 use cert dir from tls config to find wss certs 2013-03-31 21:27:21 -05:00
Anthony Minessale 668f4a6207 working mo better 2013-03-31 21:27:20 -05:00
Anthony Minessale 62e62e1e34 add websocket transport to sofia 2013-03-31 21:27:20 -05:00
Anthony Minessale a70aa8f9be add parsers for web socket headers 2013-03-31 21:27:20 -05:00
Anthony Minessale a4853b8f13 add support for WS and WSS proto in VIA 2013-03-31 21:27:18 -05:00
Anthony Minessale 03e5b366f7 revert whitespace change 2013-03-31 21:27:17 -05:00
Anthony Minessale 20568e64df wip 2013-03-31 21:27:17 -05:00
Anthony Minessale 9b11dbe4b9 FS-4452 --resolve 2013-03-06 12:58:30 -06:00
Ken Rice c35a41e4ca FS-3772 --resolve please no vanity comments 2013-03-01 15:48:48 -06:00
Anthony Minessale 45d849ab74 FS-5095 --resolve all boils down to uninitialized vars grrr 2013-02-19 13:11:50 -06:00
Anthony Minessale 1c9a10162f FS-5068 --resolve this was an edge case assert in a DNS error. You may want to check that you have valid DNS servers but this should stop the crash 2013-01-31 13:53:50 -06:00
Anthony Minessale f0bf3b917d FS-5047 --resolve This seems to be a problem in libsofia, this should fix it. 2013-01-30 17:20:19 -06:00
Michael Jerris 63deed9fc9 fix double-destroy seg 2013-01-14 12:02:28 -05:00
Michael Jerris 41b2ce51d2 add support for RTP/SAVPF to sofia stack 2013-01-14 08:31:10 -05:00
Anthony Minessale 8e78ca69e5 add some missing macros to typically disabled stun code 2012-12-07 08:42:54 -06:00
Anthony Minessale 18f20e24bf fix bad return vals on sending messages when under stress 2012-11-13 17:56:31 -06:00
Anthony Minessale e8f3e42f8b FS-4779 try this patch 2012-11-08 09:52:20 -06:00
Anthony Minessale 6627dc8696 fix some contention issues under really high load...That doesn't mean you need to push it this hard and bug me about it =p 2012-11-07 14:53:16 -06:00
Anthony Minessale e884de5b07 add NUTAG_RETRY_AFTER_ENABLE() tag to lib sofia and use it in mod_sofia to disable processing retry-after headers on a per-call basis 2012-11-02 13:54:54 -05:00
Seven Du 3ef548eeb5 fix compile, please review 2012-10-27 08:24:01 +08:00
Anthony Minessale 63e2044a7e modify sofia debug code to print file, line numbers and function name 2012-10-26 14:15:14 -05:00
Anthony Minessale 5f469ad2bd FS-4753 --resolve this should properly detect it everywhere 2012-10-23 13:14:51 -04:00
Seven Du 0263ce9247 FS-4695 fix apple build, seems there's no pthread_setschedprio on Mac, not sure if windows has the same problem in apr/threadproc/unix/thread.c 2012-10-08 09:03:34 +08:00
Jeff Lenk 5620d6d063 windows fixes for priority - needs to be revisited when apr and pthread versions support calls. 2012-10-01 20:34:15 -05:00
Anthony Minessale 0f477d1586 increase pri in sofia 2012-10-01 12:25:10 -05:00
Anthony Minessale 016550f218 FS-4627 --resolve 2012-09-18 18:42:09 -05:00
Anthony Minessale bb69310259 FS-4079 FS-4540 please update to this version 2012-08-15 22:51:41 -05:00
Anthony Minessale 5867d0424d FS-4079 please try this 2012-07-18 21:48:53 -05:00
Anthony Minessale 2aebe2456f first pass on some new stuff 2012-07-11 15:15:50 -05:00
Travis Cross 3f24ef16b1 Avoid -Wunused-value warning
Don't use the SET_STATUS1 macro as it will always produce this
warning.  It's a rather 'interesting' macro that's probably best
avoided anyway.
2012-06-25 06:41:00 +00:00
Travis Cross cbde2faab2 Fix confusion between size_t and ssize_t
readfile returns a value of type ssize_t (signed) and returns -1 if an
error occurs.  In auth_readdb_internal, however, we were assigning the
return value of readfile to a variable of type size_t (unsigned), but
then testing this unsigned value to see if it was < 0, a
contradiction.  We would thus simultaneously fail to report the error
in readfile and would end up with a corrupted length value.
2012-06-25 06:38:30 +00:00
Travis Cross e6629ab5f6 Add missing return statement
sres_cached_answers_sockaddr is supposed to return ENOENT if no cached
records are found.  Because of the missing return statement, however,
it would never do this and would instead return something very likely
to be garbage.
2012-06-25 06:38:30 +00:00
Travis Cross 5077384c5b Remove a contradiction
base64_d returns a value of size_t, which is unsigned.  The value
therefore cannot be less than zero.  The second check testing whether
it is >= INT_MAX is not a contradiction, but it doesn't make any sense
to check for this (as far as I can tell).
2012-06-25 06:38:30 +00:00
Travis Cross 76a26648d4 Remove a tautological conditional
SU_LOG->log_level is declared as unsigned, hence it will always
be >= 0.
2012-06-25 06:38:29 +00:00
Travis Cross 9e52f33d91 Implement MEMLOCK and UNLOCK as functions
Converting these macros to functions declared static inline allows the
C type-checker to work and avoid warnings about unused expression
values.  These warnings break the build with clang.
2012-06-25 06:38:29 +00:00
Travis Cross c01a142665 Implement su_errno and su_seterrno as functions
This avoids warnings about expressions with unused values.  These
warnings break the build with clang.

An optimizing compiler should still inline these calls.  If that turns
out not to happen on some platform, we could rename the functions used
internally and declare them static inline.
2012-06-25 06:38:29 +00:00
Travis Cross 43f2c89a08 Fix memset calls in sofia-sip
These calls were zeroing only a pointer's worth of memory rather than
the actual size of the objects.
2012-06-25 06:38:29 +00:00
Travis Cross c85c8d7bbd Add mechanism to set OpenSSL session timeout
In a sofia profile, you can now set the parameter tls-timeout to a
positive integer value which represents the maximum time in seconds
that OpenSSL will keep a TLS session (and its ephemeral keys) alive.

This value is passed to OpenSSL's SSL_CTX_set_timeout(3).

OpenSSL's default value is 300 seconds, but the relevant standard
(RFC 2246) suggests that much longer session lifetimes are
acceptable (it recommends values less than 24 hours).

Longer values can be useful for extending battery life on mobile
devices.

Signed-off-by: Travis Cross <tc@traviscross.com>
2012-06-11 21:46:05 +00:00
Ken Rice 0eca328f48 white space cleanup 2012-05-03 18:55:06 -05:00
Anthony Minessale 8664dc6d5a some performance tweaks 2012-05-03 16:31:21 -05:00
Anthony Minessale b553d62fbd add sip_require_timer=true variable to enable require timer on session refresh that breaks finicky endpoints 2012-04-26 10:35:02 -05:00
Michael Jerris 7d3816dbea silence set but not used 2012-04-25 15:19:47 -04:00
Michael Jerris ba4280e61f try to add a tag to disable timer autorequire NUTAG_TIMER_AUTOREQUIRE(0) 2012-04-25 15:15:32 -04:00
Anthony Minessale 62c14df322 FS-3774 --resolve 2012-04-10 16:19:23 -05:00
Anthony Minessale 92fb339434 FS-4071 --resolve 2012-04-04 16:18:53 -05:00
Anthony Minessale 872a0fe658 FS-3957 --resolve 2012-03-01 10:04:07 -06:00
Jeff Lenk 5e66db63f1 FS-3896 --resolve that sizeof was incorrect 2012-02-17 08:50:03 -06:00
Anthony Minessale ef097a19b9 FS-3794 please repeat all tests with this version 2012-01-16 17:26:35 -06:00
Anthony Minessale 7938fd81cc FS-3813 --resolve this should be ok 2012-01-16 12:47:37 -06:00
Marc Olivier Chouinard f97a3266df FS-3071 I've committed the upstream passphrase backport 2011-12-18 11:04:59 -05:00
Anthony Minessale e9bde2eb0e FS-3758 --resolve ok so I wrote my own patch but I did borrow the 2 lines of code to create a seq from the original patch! sofia changes probably need to be converted to a tag if they are to go upstream. This completely manages sub/pub from inside mod_sofia inside the db and subs can now persist and/or fail over mid dialog tested on several things like polycom/snom/yealink on SLA and presence 2011-12-15 16:30:33 -06:00
Anthony Minessale 9fe1f6fdcb FS-3748 --resolve 2011-12-06 18:12:48 -06:00
Anthony Minessale 58c3c3a049 comment out optional Require header from re-invites for the sake of interop with testy t.38 terminals 2011-11-22 18:22:57 -06:00
Anthony Minessale a19352aa23 FS-3688 revert 2011-11-18 17:01:03 -06:00
Anthony Minessale 2fae5dfadd FS-3688 please do clean build and test make current or the equiv 2011-11-17 11:44:10 -06:00
Anthony Minessale 032155c51e FS-3658 remember to date > libs/sofia-sip/.update when you patch sofia lib 2011-11-02 08:59:23 -05:00
Anthony Minessale cd8ccebbf4 save via_string when sent to nh so we can use it in session timer re-invites to fix double nat issue 2011-08-22 10:58:33 -05:00
Anthony Minessale a95b5c3823 FS-3474 sofia portion 2011-08-19 16:34:17 -05:00
Anthony Minessale bc177a4b28 FS-3475 --resolve 2011-08-02 13:51:57 -05:00
Anthony Minessale ed23847574 fix mac build 2011-08-01 10:01:50 -05:00
Jeff Lenk 02bb35148d trivial compiler warning 2011-08-01 10:39:11 -05:00
Jeff Lenk 2b6a4f97c3 trivial portability issues c89 2011-08-01 09:48:08 -05:00
Anthony Minessale 3e029f0dfb add capture hooks to libsofia 2011-07-31 18:36:05 -05:00
Mathieu Rene 7403db7005 Fix segfault in sofia's stun code 2011-07-27 12:26:43 -04:00